diff --git a/pod-security-cel/baseline/restrict-sysctls/restrict-sysctls.yaml b/pod-security-cel/baseline/restrict-sysctls/restrict-sysctls.yaml
index d564df539..87ba02cbe 100644
--- a/pod-security-cel/baseline/restrict-sysctls/restrict-sysctls.yaml
+++ b/pod-security-cel/baseline/restrict-sysctls/restrict-sysctls.yaml
@@ -36,12 +36,16 @@ spec:
 - expression: >-
 !has(object.spec.securityContext) ||
 !has(object.spec.securityContext.sysctls) ||
- object.spec.securityContext.sysctls.all(sysctl, !has(sysctl.name) ||
- sysctl.name == 'kernel.shm_rmid_forced' ||
- sysctl.name == 'net.ipv4.ip_local_port_range' ||
- sysctl.name == 'net.ipv4.ip_unprivileged_port_start' ||
- sysctl.name == 'net.ipv4.tcp_syncookies' ||
- sysctl.name == 'net.ipv4.ping_group_range')
+ object.spec.securityContext.sysctls.all(sysctl,
+ !has(sysctl.name) ||
+ [
+ 'kernel.shm_rmid_forced',
+ 'net.ipv4.ip_local_port_range',
+ 'net.ipv4.ip_unprivileged_port_start',
+ 'net.ipv4.tcp_syncookies',
+ 'net.ipv4.ping_group_range'
+ ].exists(allowedName, allowedName == (sysctl.name)
+
 message: >-
 Setting additional sysctls above the allowed type is disallowed. The field
 spec.securityContext.sysctls must be unset or not use any other names
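Review bot: The rewritten CEL expression looks unbalanced: `.all(sysctl,` and `.exists(allowedName,` are opened but never closed in the added lines, while the final added line appears empty, so as written the expression would fail CEL compilation and the policy would not load, leaving the baseline sysctl restriction unenforced (the old version closed with `'net.ipv4.ping_group_range')`). If the closing parentheses were not simply lost in the extraction, the last expression line should read `].exists(allowedName, allowedName == sysctl.name))`, which also drops the redundant parentheses around `sysctl.name`. A simpler and equally strict form is CEL's membership operator, `!has(sysctl.name) || sysctl.name in [ ... ]`, which removes the `.exists` macro entirely. Either way the allow-list content is unchanged from the removed lines, so the behavioural scope of the rule is preserved once the syntax is fixed.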